This report asks the question of whether the targeted cyber attack that caused a power outage in Ukraine in 2015 could similarly affect the United States’ power grid. To answer this, it traces the mechanical details of the Ukraine attack, beginning with the spearphishing campaign that first allowed hackers to infiltrate into the system, and ending with a discussion of the sophisticated range of edge scenarios that the hackers proceeded to compromise to ensure that it would be difficult for the Ukrainian operators to recover. The author then discusses the aspects of the US power grid that could enable a similar attack to succeed there, such as the fact that legacy ICS communication protocols are still used throughout, and concludes that the Ukraine attack could definitely happen in the United States. The author continues to discuss methods of mitigating cybersecurity risk within the power grid of the United States, suggesting solutions such as employee cybersecurity awareness, limiting remote access functionality, firmware driver signaling, and generally more effective communication from the government regarding regulatory standards. He concludes that many of the problems faced in ensuring power grid cybersecurity stem from the fact that the power grid was updated too quickly to support new networked technologies such as IoT devices, without enough consideration of the security vulnerabilities that these updates would create. Though reversing these updates has been suggested, the author concludes that doing so would be impractical: “The US has invested billions already in modernizing the grid making it too late to turn back time. There needs to be a balance of modernization and security where security is priority especially in critical infrastructure systems.” https://cams.mit.edu/wp-content/uploads/2016-22.pdf